On Sun, 14 Jun 2015 06:59:52 +0200 Michal Trojnara Michal.Trojnara@mirt.net wrote:
After 1 minute of running stunnel running in server mode starts computing new DH parameters. This usually takes a few minutes depending on your hardware. The process is repeated every 24 hours.
Hi,
depending on your hardware, and what hardware we need now to run stunnel in server mode...
I see that the difference with previous versions are these 2 lines: Using hardcoded DH parameters DH initialized with 2048-bit key
Looking that I'm over 15 minutes now (and waiting) running the command openssl dhparam 2048 to generate static one, this could be a nightmare every 24 hours. For me isn't 25%CPU it is above 50% (or 100% in one thread) in a humble Pentium 4.
For me, too much. That is why I decided to follow your advice but, anyway, this takes so much to be by default for every system where stunnel runs. Some people might have stunnel running in lower specs hardware for a tiny server.
It is only my opinion.
Regards.
P.S.: I waited till end before send this to the list and took, finally, over 20 minutes...